harrysarson commented on code in PR #2095:
URL: https://github.com/apache/buildstream/pull/2095#discussion_r2564453175


##########
src/buildstream/source.py:
##########
@@ -582,6 +614,16 @@ def __init__(
         The project issue tracking URL
         """
 
+        self.name: Optional[str] = name
+        """
+        Name of the project
+        """
+
+        self.supplier: Optional[str] = supplier
+        """
+        The name of the project suppliers/owners
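Review bot: The docstring for `self.supplier` reads "The name of the project suppliers/owners", which is plural and joins two roles with a slash, while the attribute is a single `Optional[str]`. Suggest saying which one party the field names, and documenting for both `name` and `supplier` what `None` means (unknown, or not declared for this source), so that consumers of these attributes do not have to guess how to treat a missing value.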

Review Comment:
   > Good point: I would argue that we drop supplier entirely.
   > ...
   > With BuildStream, we normally only care about the originator, and the 
BuildStream user is generally the supplier themselves, if I've understood the 
text correctly.
   
   Agree with this for the vast majority of elements. 
   
   However, there is one case where the supplier is _not_ the BuildStream user: 
when integrating prebuilt binaries. I have a project where we have a set of 
binaries provided by the supplier (a big and inflexible company that insists on 
binary distribution) that we have to integrate into the system. For the SBOM 
entries corresponding to these prebuilt binaries we want the Supplier to be the 
supplier (and not the user because the BuildStream user has no control over the 
binaries they are integrating).


